Disable ALL users LOGIN only?

TestUser

Verified User
Joined
Aug 26, 2011
Messages
215
Hi, i have a question....
Is it possible some how disable ALL user logins?
What do i mean?
If i disable A user... domain and emails from this user dosent work... OK
NOW i want to disable ALL users login....
I mean so that no user (except admin) can login to DA
WHY?
Coupple of days my server was compromised, becouse some how a pasword for a user was "guessed" and then somehove they tryed to send 50.000+ emails via this user....
So... becouse none of my users actualy need (or do they?) login i want to disable this...
Is it possible??? if yes, how?
Of no, why not?:confused:
 
Create file:

/usr/local/directadmin/scripts/custom/all_post.sh

Put in it:

Code:
#!/bin/sh

if [ "$username" != "admin" ]; then
    echo "Directadmin is currently disabled."
    exit 0
fi

Then

Code:
chmod 750 /usr/local/directadmin/scripts/custom/all_post.sh
chown diradmin:diradmin /usr/local/directadmin/scripts/custom/all_post.sh
/sbin/service directadmin restart
 
I'm not 100% sure what you want to do. If you want to disable all logins including shell logins, and any email logins to the main usernames, then you can add an ! to the beginning of all password fields in /etc/shadow. You can script this, but be careful to save a copy for reuse in the event you make an error. Then you can restore users individually, or all at once, by simply removing those leading ! characters. Note that if anyone adds or removes a user while you're editing the file, those changes will be lost when you save your work. So I'd rename the file to something else while editing it, which will disable all logins, including root. Note: this is dangerous; be sure you know what you're doing. If you lose access to the server while the /etcshadow file is unavailable you could lose access to your server.

Jeff
 
Right...
suspending is not an options, becouse http pages and user emails dosent work...
i want just to disable user (owner of the domain) prevent from loging in anything..
Though i want www pages and POP3/IMAP emails on the domain working like now...
 
Create file:

/usr/local/directadmin/scripts/custom/all_post.sh

Put in it:

Code:
#!/bin/sh

if [ "$username" != "admin" ]; then
    echo "Directadmin is currently disabled."
    exit 0
fi

Then

Code:
chmod 750 /usr/local/directadmin/scripts/custom/all_post.sh
chown diradmin:diradmin /usr/local/directadmin/scripts/custom/all_post.sh
/sbin/service directadmin restart
Is this method used only for DA login, or everithing?
For instance... if a user(domain owner) wants to login into FTP/email ?
 
I'm not 100% sure what you want to do. If you want to disable all logins including shell logins, and any email logins to the main usernames, then you can add an ! to the beginning of all password fields in /etc/shadow. You can script this, but be careful to save a copy for reuse in the event you make an error. Then you can restore users individually, or all at once, by simply removing those leading ! characters. Note that if anyone adds or removes a user while you're editing the file, those changes will be lost when you save your work. So I'd rename the file to something else while editing it, which will disable all logins, including root. Note: this is dangerous; be sure you know what you're doing. If you lose access to the server while the /etcshadow file is unavailable you could lose access to your server.

Jeff

Have checked the file...
Some users have already ! in start of the password...
Is this just coincidence ?
I think best is, like you say.... make a copy of a file.. and test for 1 user... ;)
 
Is this method used only for DA login, or everithing?
For instance... if a user(domain owner) wants to login into FTP/email ?
Only for DirectAdmin, which is why I didn't recommend it.
Have checked the file...
Some users have already ! in start of the password...
Is this just coincidence ?
Not quite. An encoded password cannot start with the ! character, so it's the common way to disable a password. And so it's the way DirectAdmin disables a password when you suspend a site. It's not the only thing DirectAdmin does, though, to disable a site, and doing it alone does not disable a site, but only the login. You could of course just change the password, but then you couldn't restore it unless you saved it previously; using the ! gives you a way to disable the password, and then re-enable it later, by removing the !. You shuld of course keep a list separately, of what you've disabled and why.
I think best is, like you say.... make a copy of a file.. and test for 1 user... ;)
Always.

Jeff
 
That way would only stop ftp and system login access. They still could get into email fine. Your best to just use a firewall to stop communication for a short period of time.
 
Back
Top